Christmas is a wonderful time to spend with family and friends. A lot of kids look forward to opening their presents under the Christmas tree, but not all of them have a present to open. This is why our family started a charity project in 2007 called the Shoebox Project. A few years later, my wife suggested that I create a website to help us spread the word of how people could fill a shoebox with gifts and bring it into a collection center.
After doing some online research and reading about their famous “five-minutes install”, I chose to create a WordPress website. It was a small website, but at least now we had an online presence. I could talk to people and receive emails and everything, until this happened:
I’ve Been Hacked
On December 22, 2014, my website was hacked. It felt like everything had collapsed. I asked myself why? Why me? What is so important on this website that somebody would decide to hack it three days before Christmas?
The impacts were massive. Emails that I’ve never sent started coming back to me, which pointed to the fact that there was a script or some sort of malware file in the site sending out these emails. My family-oriented social project was now sending out porn and Viagra spam. Just imagine the impacts on all of the people receiving them.
Then I received a warning from the host. If the email spam issues were not addressed, the website would be suspended. No legitimate emails could go out because there were hundreds of thousands of spam emails clogging the email server.
Nearly done with distributing the gift boxes, I was in the middle of preparing the reports to share with all the volunteers who donated a box. The reports would let them know where the boxes went and how the children received them. However, by the end of the day, the website was already blacklisted.
In the context of websites, blacklisting refers to the process of search engines removing a website from their index. When blacklisted, a site loses nearly 95% of its organic traffic, which can quickly impact sales and revenue.
Anybody who went to the site would see that it was distributing malware and our credibility was at stake.
All I wanted was to have it fixed, to have my website back. I started with looking through the logs– I changed all my passwords, FTP, cPanel, Norton Commander. Then I started to check if the issue was in my computer. I scanned my computer to see if there were any keyloggers, malware, anything like that.
Reinfection and Defacement
I finally cleaned the website and it was back online. I felt relieved. Unfortunately, it only took two days for the hackers to return. The website was defaced on December 24th, Christmas Eve.
I realized that it was time to ask for help. After doing a lot of online research, I found Sucuri.
In Need of a Pro
On Christmas eve, I hit the chat button at 4am in the morning (for me in Romania) and somebody was online at Sucuri, knowing exactly what I was talking about. After I signed up and opened a malware removal ticket, 40 minutes later, the website was back online.
Not only did they clean my website, but they also gave me post-hack tips.
A Malware-Free Merry Christmas
By the end of the next day, Google removed my website from the blacklist. On Christmas day, my website was back online and I was happy.
Today I work for Sucuri as a social media specialist and I help lead our community efforts and host our monthly webinars. It is my blessing to be able to travel the world, meet our customers and friends at events, and share my story. The worst thing that happened to me turned out to be a very good thing. It taught me that I needed to wake up and face the dangers of being online in this world. I realized the responsibilities we all have, as website owners, to protect the visitors that come to our website and keep them safe from being infected with malware we might distribute.
If you want to hear my story in more details, watch the webinar we presented about how my website was hacked on Christmas Eve.